Newly developed offensive USB cable could allow attackers to execute commands over WiFi
- The newly developed offensive USB cable when plugged into a computer could allow attackers to execute commands on the computer over WiFi.
- The malicious cable if plugged into a computer works like a keyboard or a mouse and could allow attackers to manipulate the mouse cursor.
A security researcher Mike Grover, who goes by the pseudonym ‘_MG_’, developed an offensive USB cable (O.MG cable) that includes an integrated WiFi PCB. This newly developed malicious USB cable if plugged into a computer could allow attackers to execute commands on the computer or manipulate a mouse cursor over WiFi.
Grover described that the WiFi chip embedded in the USB cable allows an attacker to remotely connect to the computer and execute commands.
This cable when plugged into a computer is detected by the operating system as a human interface device (HID). HID devices are considered as input devices by an operating system, they can be used to input commands as if they are being typed on a keyboard.
Works like a keyboard and a mouse
The security researcher explained that when the cable is plugged into a computer, it works like a keyboard and a mouse. This implies that an attacker can input commands regardless of whether the device is locked or not. Even worse, if the computer locks a session using an inactivity timer, the offensive cable plugged-in can simulate user interaction to prevent session locking.
“It ‘works’ just like any keyboard and mouse would at a lock screen, which means you can type and move the mouse. Therefore, if you get access to the password you can unlock the device,” Grover told BleepingComputer.
“Also, if the target relies on an inactivity timer to auto lock the machine, then it’s easy to use this cable to keep the lock from initiating by simulating user activity that the user would not notice otherwise (tiny mouse movements, etc),” Grover added.
Grover further told BleepingComputer that the integrated WiFi chips can be preconfigured to connect to a WiFi network and potentially open reverse shells to a remote computer. This could allow attackers in remote locations to execute commands to allow additional visibility to the computer when not in the proximity of the cable.
WiFi de-authentication attacks
While the human interface device (HID) attack can be prevented using a USB condom, the cable could still be used for WiFi de-authentication attacks.
WiFi de-authentication attacks are used to disconnect nearby wireless devices from an access point by sending de-authentication frames from spoofed MAC addresses.
Grover visualizes that a de-auth attack can be used in situations where attackers do not have access to a location to perform an attack, but the victim's plugged-in USB cable has access.
“You aren’t in range of a wireless target, but the target person is. Using this cable, you can get them to carry the attack hardware inside a controlled area. Maybe to disrupt a camera? Maybe a fun disruption/diversion for another attack. (Imagine distributing a dozen inside an office and suddenly IT/Sec is focused on the chaos),” Grover illustrated.
Not for sale
Grover noted that the embedded WiFi PCB was developed using a desktop mill. This surprised many users because a desktop mill is not normally used to create high-quality PCBs and that Grover’s PCB s were of high quality.
“I have spent approximately $4,000 over 300 hours of research into creating the needed WiFi PCBs and adding them to the cable. This was done using a desktop mill, which is typically not used to create high-quality PCBs in a DIY environment,” Grover told BleepingComputer.This offensive cable (O.MG) is currently not for sale, but the security researcher hopes to sell the cable to other security researchers in the future. However, the researcher noted that he wants to make more changes to the cable before making it available for sale.